agentspend 0.1.10 → 0.2.0

package/README.md

@@ -1,43 +1,38 @@
-# AgentSpend
+# agentspend
 
-CLI for managing AI agent payment methods — cards (Stripe) and crypto wallets (USDC on Base).
+AgentSpend CLI for calling x402 endpoints through AgentSpend Cloud.
 
 ## Install
 
 ```bash
-npm install -g agentspend
+npm install
+npm run build
 ```
 
-## Card setup (Stripe)
+## Commands
 
 ```bash
-# Start card setup — opens Stripe in your browser
-agentspend card setup
-
-# Check setup status
-agentspend card status
+agentspend configure
+agentspend pay <url> [--method GET|POST|PUT|PATCH|DELETE|...] [--body '{"hello":"world"}'] [--header 'Content-Type:application/json'] [--max-cost 5.000000]
+agentspend check <url> [--method GET|POST|PUT|PATCH|DELETE|...] [--body '{"hello":"world"}'] [--header 'Content-Type:application/json']
+agentspend status
 ```
 
-`card setup` creates a card via the AgentSpend API, opens the Stripe setup URL in your browser, and polls until the card is ready. The `card_id` is saved to `~/.agentspend/card.json`.
+## Credentials
 
-Agents use the `card_id` to pay services by sending `x-card-id: card_xxx` in request headers.
+Credentials are stored at `~/.agentspend/credentials.json`.
 
-## Wallet (crypto)
+## Local backend dev CLI
 
-```bash
-# Generate a new wallet for x402 payments
-agentspend wallet create
+Use the local entrypoint (hardcoded to `http://127.0.0.1:8787`) when testing against a local backend:
 
-# Show address, network, and USDC balance
-agentspend wallet status
+```bash
+bun run dev:local -- configure
 ```
 
-`wallet create` generates a local private key and saves it to `~/.agentspend/wallet.json`. Fund the address with USDC on Base to pay x402-enabled services.
-
-## Configuration
+Build a non-published local binary:
 
-| Variable | Description |
-|----------|-------------|
-| `AGENTSPEND_API_URL` | Platform API base URL (default: `https://api.agentspend.co`) |
-
-Config files are stored in `~/.agentspend/`.
+```bash
+bun run build
+node dist/dev-index.js configure
+```

package/SKILL.md

@@ -0,0 +1,118 @@
+---
+name: agentspend
+description: Find the right APIs for any task and pay for them, without authentication.
+---
+
+# When To Use This Skill
+Use this skill whenever the user asks to:
+- find data from external APIs
+- call an endpoint
+- fetch/search information outside local context
+- pay for x402 services
+
+## Setup
+
+```bash
+npx agentspend configure
+```
+
+Opens a URL to add a credit card and set a weekly spending limit. Saves credentials to `~/.agentspend/credentials.json`.
+
+If already configured, re-running opens the dashboard to update settings.
+
+## Commands
+
+### Pay
+
+```bash
+npx agentspend pay <url>
+```
+
+Make a paid request. AgentSpend handles the payment automatically. Works with endpoints that support x402 (HTTP 402-based payment protocol for APIs).
+
+**Options:**
+- `--method <method>` — HTTP method (default: `GET`)
+- `--body <body>` — Request body (JSON or text)
+- `--header <header>` — Header in `key:value` format (repeatable)
+- `--max-cost <usd>` — Maximum acceptable charge in USD (up to 6 decimal places)
+
+**Returns:**
+- Response body from the endpoint
+- Charge amount and remaining weekly budget
+
+**Example:**
+
+```bash
+npx agentspend pay <url> \
+  --method POST \
+  --header "key:value" \
+  --body '{"key": "value"}' \
+  --max-cost 0.05
+```
+
+### Check
+
+```bash
+npx agentspend check <url>
+```
+
+Discover an endpoint's price without paying.
+
+**Example:**
+
+```bash
+npx agentspend check <url>
+```
+
+**Returns:**
+- Price in USD
+- Description (if available)
+
+### Search
+
+```bash
+npx agentspend search <keywords>
+```
+
+Keyword search over service names and descriptions in the catalog. Returns up to 5 matching services.
+
+**Example:**
+
+```bash
+npx agentspend search "video generation"
+```
+
+### Status
+
+```bash
+npx agentspend status
+```
+
+Show account spending overview.
+
+**Returns:**
+- Weekly budget
+- Amount spent this week
+- Remaining budget
+- Recent charges with amounts, domains, and timestamps
+
+### Configure
+
+```bash
+npx agentspend configure
+```
+
+Run onboarding or open the dashboard to update settings (weekly budget, domain allowlist, payment method).
+
+## Spending Controls
+
+- **Weekly budget** — Set during configure. Requests that would exceed the budget are rejected.
+- **Per-request max cost** — Use `--max-cost` on `pay` to reject requests above a price threshold.
+- **Domain allowlist** — Configurable via the dashboard. Requests to non-allowlisted domains are rejected.
+
+## Common Errors
+
+- **`WEEKLY_BUDGET_EXCEEDED`** — Weekly spending limit reached. Run `npx agentspend configure` to increase the budget.
+- **`DOMAIN_NOT_ALLOWLISTED`** — The target domain is not in the allowlist. Run `npx agentspend configure` to update allowed domains.
+- **`PRICE_EXCEEDS_MAX`** — Endpoint price is higher than `--max-cost`. Increase the value or remove the flag.
+- **`UNSUPPORTED_PAYMENT_REQUIRED_FORMAT`** — The endpoint returned a 402 response but doesn't use the x402 format AgentSpend supports.

package/dist/cli.js

@@ -0,0 +1,63 @@
+import { Command } from "commander";
+import { runCheck } from "./commands/check.js";
+import { runConfigure } from "./commands/configure.js";
+import { runPay } from "./commands/pay.js";
+import { runSearch } from "./commands/search.js";
+import { runStatus } from "./commands/status.js";
+import { AgentspendApiClient } from "./lib/api.js";
+function parsePositiveUsd(value) {
+    const parsed = Number(value);
+    if (!Number.isFinite(parsed) || parsed <= 0) {
+        throw new Error(`Expected a positive USD value, received: ${value}`);
+    }
+    const rounded = Math.round(parsed * 1_000_000) / 1_000_000;
+    if (Math.abs(parsed - rounded) > 1e-9) {
+        throw new Error(`Expected at most 6 decimal places, received: ${value}`);
+    }
+    return parsed;
+}
+export async function runCli(options) {
+    const program = new Command();
+    const apiClient = new AgentspendApiClient(options?.baseUrl);
+    const programName = options?.programName ?? "agentspend";
+    program.name(programName).description("AgentSpend CLI").version("0.2.0");
+    program
+        .command("pay")
+        .argument("<url>", "URL to call")
+        .description("Make a paid request")
+        .option("-X, --method <method>", "HTTP method for target request", "GET")
+        .option("--body <body>", "Request body (JSON or text)")
+        .option("--header <header>", "Header in key:value form", (value, previous) => {
+        return [...previous, value];
+    }, [])
+        .option("--max-cost <usd>", "Maximum acceptable charge in USD (up to 6 decimals)", parsePositiveUsd)
+        .action(async (url, commandOptions) => {
+        await runPay(apiClient, url, commandOptions);
+    });
+    program
+        .command("check")
+        .argument("<url>", "URL to check")
+        .description("Discover endpoint price without paying")
+        .option("-X, --method <method>", "HTTP method for target request", "GET")
+        .option("--body <body>", "Request body (JSON or text)")
+        .option("--header <header>", "Header in key:value form", (value, previous) => {
+        return [...previous, value];
+    }, [])
+        .action(async (url, commandOptions) => {
+        await runCheck(apiClient, url, commandOptions);
+    });
+    program
+        .command("search")
+        .argument("<query...>", "Keyword query")
+        .description("Search services by name and description")
+        .action(async (queryParts) => {
+        await runSearch(apiClient, queryParts.join(" "));
+    });
+    program.command("status").description("Show weekly budget and recent charges").action(async () => {
+        await runStatus(apiClient);
+    });
+    program.command("configure").description("Run onboarding/configuration flow").action(async () => {
+        await runConfigure(apiClient);
+    });
+    await program.parseAsync(process.argv);
+}

package/dist/commands/check.js

@@ -0,0 +1,40 @@
+import { ApiError } from "../lib/api.js";
+import { requireApiKey } from "../lib/credentials.js";
+import { formatUsd, usd6ToUsd } from "../lib/output.js";
+import { normalizeMethod, parseBody, parseHeaders } from "../lib/request-options.js";
+export async function runCheck(apiClient, url, options) {
+    const apiKey = await requireApiKey();
+    try {
+        const response = await apiClient.check(apiKey, {
+            url,
+            method: normalizeMethod(options.method),
+            headers: parseHeaders(options.header),
+            body: parseBody(options.body),
+        });
+        if (response.free) {
+            if ((response.status ?? 200) >= 400) {
+                console.log(`No payment required, but endpoint returned status ${response.status}.`);
+                return;
+            }
+            console.log("This endpoint is free.");
+            return;
+        }
+        const policyUsd = response.price_usd ?? (typeof response.price_usd6 === "number" ? usd6ToUsd(response.price_usd6) : null);
+        const price = policyUsd !== null ? formatUsd(policyUsd) : "unavailable";
+        const description = response.description ?? "unavailable";
+        console.log(`Price: ${price}`);
+        console.log(`Description: ${description}`);
+        return;
+    }
+    catch (error) {
+        if (error instanceof ApiError) {
+            const body = error.body;
+            if (error.status === 502 && body?.code === "UNSUPPORTED_PAYMENT_REQUIRED_FORMAT") {
+                const headers = (body.details?.header_names ?? []).join(", ");
+                console.error(`Endpoint returned 402 with an unsupported payment format. Headers seen: ${headers || "none"}.`);
+                return;
+            }
+        }
+        throw error;
+    }
+}

package/dist/commands/configure.js

@@ -0,0 +1,99 @@
+import bcrypt from "bcryptjs";
+import crypto from "node:crypto";
+import { ApiError } from "../lib/api.js";
+import { clearPendingConfigureToken, readCredentials, readPendingConfigureToken, saveCredentials, savePendingConfigureToken, } from "../lib/credentials.js";
+const POLL_INTERVAL_MS = 2_000;
+const CONFIGURE_TIMEOUT_MS = 10 * 60 * 1000;
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function generateApiKey() {
+    return `sk_agent_${crypto.randomBytes(32).toString("hex")}`;
+}
+function isExpiredStatus(status) {
+    return status.claim_status === "expired";
+}
+async function getStatusOrNull(apiClient, token) {
+    try {
+        return await apiClient.configureStatus(token);
+    }
+    catch (error) {
+        if (error instanceof ApiError && (error.status === 401 || error.status === 404 || error.status === 410)) {
+            return null;
+        }
+        throw error;
+    }
+}
+async function tryAuthenticatedConfigure(apiClient, apiKey) {
+    try {
+        return await apiClient.configure(undefined, apiKey);
+    }
+    catch (error) {
+        if (error instanceof ApiError && error.status === 401) {
+            return null;
+        }
+        throw error;
+    }
+}
+async function claimAndSaveCredentials(apiClient, token) {
+    const apiKey = generateApiKey();
+    const apiKeyHash = await bcrypt.hash(apiKey, 12);
+    await apiClient.claimConfigure(token, apiKeyHash);
+    await saveCredentials(apiKey);
+    await clearPendingConfigureToken();
+}
+export async function runConfigure(apiClient) {
+    const credentials = await readCredentials();
+    if (credentials) {
+        const authenticatedResponse = await tryAuthenticatedConfigure(apiClient, credentials.api_key);
+        if (authenticatedResponse) {
+            console.log(`Open this URL to configure settings:\n${authenticatedResponse.configure_url}`);
+            return;
+        }
+    }
+    let token = await readPendingConfigureToken();
+    let status = null;
+    if (token) {
+        status = await getStatusOrNull(apiClient, token);
+        if (!status || isExpiredStatus(status)) {
+            token = null;
+            status = null;
+            await clearPendingConfigureToken();
+        }
+    }
+    if (!token) {
+        const created = await apiClient.configure();
+        token = created.token;
+        await savePendingConfigureToken(token);
+        status = created;
+    }
+    if (!status) {
+        throw new Error("Unable to initialize configure session. Run agentspend configure again.");
+    }
+    console.log(`Open this URL to configure settings:\n${status.configure_url}\n`);
+    console.log("Waiting for card setup and API key claim...");
+    const started = Date.now();
+    while (Date.now() - started < CONFIGURE_TIMEOUT_MS) {
+        if (status.claim_status === "ready_to_claim") {
+            await claimAndSaveCredentials(apiClient, token);
+            console.log("Ready! Your agent can now spend.");
+            return;
+        }
+        if (status.claim_status === "expired") {
+            await clearPendingConfigureToken();
+            throw new Error("Configure session expired. Run agentspend configure again.");
+        }
+        if (status.claim_status === "claimed") {
+            await clearPendingConfigureToken();
+            throw new Error("Configure session already claimed. Run agentspend configure again.");
+        }
+        await sleep(POLL_INTERVAL_MS);
+        const polled = await getStatusOrNull(apiClient, token);
+        if (!polled) {
+            await clearPendingConfigureToken();
+            throw new Error("Configure session expired. Run agentspend configure again.");
+        }
+        status = polled;
+    }
+    throw new Error("Configure timed out. Run agentspend configure again.");
+}